CVE-2022-33967
20.07.2022, 07:15
squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a defect in the metadata reading process. Loading a specially crafted squashfs image may lead to a denial-of-service (DoS) condition or arbitrary code execution.Enginsight
| Vendor | Product | Version |
|---|---|---|
| denx | u-boot | 2020.10:rc2 |
| denx | u-boot | 2020.10:rc3 |
| denx | u-boot | 2020.10:rc4 |
| denx | u-boot | 2020.10:rc5 |
| denx | u-boot | 2021.01 |
| denx | u-boot | 2021.01:rc1 |
| denx | u-boot | 2021.01:rc2 |
| denx | u-boot | 2021.01:rc3 |
| denx | u-boot | 2021.01:rc4 |
| denx | u-boot | 2021.01:rc5 |
| denx | u-boot | 2021.04:rc1 |
| denx | u-boot | 2021.04:rc2 |
| denx | u-boot | 2022.01 |
| denx | u-boot | 2022.01:rc1 |
| denx | u-boot | 2022.01:rc2 |
| denx | u-boot | 2022.01:rc3 |
| denx | u-boot | 2022.01:rc4 |
| denx | u-boot | 2022.04 |
| denx | u-boot | 2022.04:rc1 |
| denx | u-boot | 2022.04:rc2 |
| denx | u-boot | 2022.04:rc3 |
| denx | u-boot | 2022.04:rc4 |
| denx | u-boot | 2022.04:rc5 |
| denx | u-boot | 2022.07:rc1 |
| denx | u-boot | 2022.07:rc2 |
| denx | u-boot | 2022.07:rc3 |
| denx | u-boot | 2022.07:rc4 |
| denx | u-boot | 2022.07:rc5 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
References